An Interest In:
Web News this Week
- March 23, 2024
- March 22, 2024
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
Some of Our Sources
- TutsPlus - Code
- Web Designer Wall
- Joshua Blankenship
- Spoon Graphics
- Smashing Magazine
- Abduzeedo
- Inspiredology
- Crazy Leaf Design
- Fudge Graphics
- Wal You
Help Webnuz
Referal links:
August 6, 2018 01:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9A9pXm7h8ck/security-researchers-express-concerns-over-mozillas-new-dns-resolution-for-firefox
Security Researchers Express Concerns Over Mozilla's New DNS Resolution For Firefox
With their next patch Mozilla will introduce two new features to their Firefox browser they call "DNS over HTTPs" (DoH) and Trusted Recursive Resolver (TRR). Mozilla says this is an additional feature which enables security. Researchers think otherwise. From a report: So let's get to the new Firefox feature called "Trusted Recursive Resolver" (TRR). When Mozilla turns this on by default, the DNS changes you configured in your network won't have any effect anymore. At least for browsing with Firefox, because Mozilla has partnered up with Cloudflare, and will resolve the domain names from the application itself via a DNS server from Cloudflare based in the United States. Cloudflare will then be able to read everyone's DNS requests. From our point of view, us being security geeks, advertising this feature with slogans like "increases security" is rather misleading because in many cases the opposite is the case. While it is true that with TRR you may not expose the websites you call to a random DNS server in an untrustworthy network you don't know, it is not true that this increases security in general. It is true when you are somewhere in a network you don't know, i. e. a public WiFi network, you could automatically use the DNS server configured by the network. This could cause a security issue, because that unknown DNS server might have been compromised. In the worst case it could lead you to a phishing site pretending to be the website of your bank: as soon as you enter your personal banking information, it will be sent straight to the attackers. But on the other hand Mozilla withholds that using their Trusted Recursive Resolver would cause a security issue in the first place for users who are indeed in a trustworthy network where they know their resolvers, or use the ISP's default one. Because sharing data or information with any third party, which is Cloudflare in this case, is a security issue itself.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9A9pXm7h8ck/security-researchers-express-concerns-over-mozillas-new-dns-resolution-for-firefox
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot